Security news that informs and inspires

All Articles

1224 articles:

Critical Bug in Kalay IoT Protocol Threatens Millions of Devices

A critical flaw in the ThroughTek Kalay Io platform could allow an attacker complete access to IP cameras, DVRs, and other devices.

Iot Security

GitHub Drops Passwords in Favor of 2FA

GitHub has eliminated support for passwords for Git operations and now requires the use of a hardware security key or other strong 2FA option.

Supply Chain, Github

Multiple Flaws in Realtek SDK Affect Wide Range of IoT Devices

Several vulnerabilities in the Realtek SDK expose millions of IoT devices to remote code execution.

Iot Security

Vice Society Ransomware Actors Target PrintNightmare

A newer ransomware group known as Vice Society is targeting the PrintNightmare vulnerabilities in some of its intrusions now.

Ransomware, Microsoft, Printnightmare

New TA505 Campaign Uses Signed Files to Drop ServHelper Malware

TA505, a well-known cybercrime group, is using signed MSI files and other techniques to install the ServHelper RAT on victims' systems.

Ransomware, Malware

Attackers Scanning for Exchange Servers Vulnerable to ProxyShell

Details of the ProxyShell Exchange server flaws are now public and attackers have begun scanning the Internet for vulnerable servers.

Microsoft

Fundamental Flaw in RNGs Affects Many IoT Devices

The use of weak random number generators in many IoT devices undermines the security of the encryption keys those devices generate.

Iot Security

‘Imagination Makes Us Better Hackers’

CISA Director Jen Easterly said the agency's new Joint Cuber Defense Collaborative seeks imagination and innovation in the hacker community to help secure critical infrastructure.

Black Hat, Cisa, Government

Supply Chain Security: ‘The Government Is Not Going to Fix This’

At Black Hat, Matt Tait of Corellium said the supply chain security problem may get far worse if platform providers don't step in to address it.

Blackhat, Supply Chain

Adversary Security Blunders Reveal LittleLooter Android Malware

During an investigation into suspected Iranian threat group ITG18, researchers found various security errors made by the attackers that gave them an inside look into their TTPs.

Charming Kitten, Android, Malware, Android Malware

Whole of Government Effort, Collaboration Needed to Disrupt Ransomware

A whole of government approach, along with collaboration from the private sector, is key to disrupting the ransomware ecosystem.

Ransomware, Government, Cisa

Decipher Podcast: Jules Okafor

Jules Okafor, CEO of RevolutionCyber, joins Dennis Fisher to talk about her unconventional career arc, the importance of empathy in leadership and communications, and why conventional security awareness programs don't work.

Podcast

Biden Moves to Reinforce Critical Infrastructure Security

A new National Security Memorandum from President Biden sets performance goals for critical infrastructure security and creates a new CI security initiative.

Government, Ransomware

Microsoft Issue Guidance for Mitigating PetitPotam NTLM Relay Attack

Microsoft has released guidance for mitigating the recently disclosed PetitPotam NTLM relay attack.

Microsoft

Officials Cite Progress on Ransomware, But Say Much More Work Ahead

While law enforcement and security researchers have made progress against some ransomware groups, Europol and other law enforcement officials say the threat will remain for some time.

Ransomware, Government